Endpoint Protection


Def versions


  • 1.  Def versions

    Posted May 07, 2009 10:00 AM
    In the SEP manager the Latest Manager Version is almost 1 month older than the Latest Symantec Version.
    The problem is that the clients aren't getting the proper version since the Manager version is so old.
    How can I get the manager version to be the current version?


  • 2.  RE: Def versions

    Posted May 07, 2009 10:15 AM
    Hi,

    Can you please let us know the versions reflected on the SEP Client and the SEPM console? I mean the version of SEP & SEPM.


  • 3.  RE: Def versions

    Posted May 07, 2009 10:26 AM
    Hi,

    Please check the following link as well.

    http://service1.symantec.com/support/ent-security.nsf/docid/2008111223193848


  • 4.  RE: Def versions

    Posted May 07, 2009 10:34 AM
    We are having the same issue. SEP Manager is showing 4/22/09 as the newest updates even though the clients are running the newest May 5th. Console and Clients are all on Version 11.4014.

    Any ideas?


  • 5.  RE: Def versions

    Posted May 07, 2009 10:34 AM
    Both are 11.0.4014.26.

    I also have the same setup on 2 locations, one location works perfectly, the other is having the above issue.


  • 6.  RE: Def versions

    Posted May 07, 2009 10:47 AM
    No, no, mine's not the same. Manager version is 2009-04-01 rev .052, same on the clients, but Latest Symantec Version in the console is 2009-05-07 rev 003. Which means that Live update is working but somehow the manager version is not changing. I manually ran live update in the console and saw that it was successful.


  • 7.  RE: Def versions

    Posted May 07, 2009 10:52 AM
    Hi,

    Did you mean the virus definition dates on the SEPM console and the virus definition date shown by the SEP Client in its console are different?

    If yes, this could happen if the clients have lost communication with the SEPM temporarily. Right click on that group in which the clients are listed...select run command on group..and then click on update content...On the client side right click on the Symantec shield near the system clock and click on update policy. This would initiate a connection between the two and thereby update the definitions.

    Also please note that the clients can be configured to take the definitions from either the SEPM console or through the internet...if the clients have both the options they will initially try to connect to the SEPM for the latest definitions, in case they don't get any they would go to the internet and fetch them.....thereby the definition dates would differ.....


  • 8.  RE: Def versions

    Posted May 07, 2009 11:11 AM
    Hi Naar,

    I got your issue. Please do the following and let us know whether the manager version date changes; however, both the dates at times would not be the same.



    · In services.msc, stop Symantec Endpoint Protection Manager service.
    · In services.msc, stop Symantec Endpoint Protection service.
    · Navigate to C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\content\incoming
        o Delete the .jdb and any 'extracted' files that may be present
    · Navigate to C:\Program Files\Common Files\Symantec Shared\Symcdata
        o Open sesmvirdefs32 and delete contents
        o Open sesmvirdefs64 and delete contents
        o Open VirusDefs and delete contents
    · Navigate to C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate
        o Delete contents of Downloads folder
        o Delete all Settings.LiveUpdate files
            § i.e. 1.Settings.LU, 2.Settings.LU
        o Also delete the un-numbered Settings.LU file
    · In services.msc, start Symantec Endpoint Protection Manager service.
    · In services.msc, start Symantec Endpoint Protection service.
    · Open SEPM/Admin/Servers/LocalSite

    Monitor status as SEPM downloads and installs definitions.


  • 9.  RE: Def versions

    Posted May 07, 2009 11:11 AM

    Sandip, first thanks for your help. Sorry if I am confusing you.

    All clients have 2009-04-01 rev.052 as their defs.
    In the SEPM console under the Home tab in the top right column
    Latest Symantec Version: 2009-05-07 rev.003
    Latest Manager Version: 2009-04-01 rev.052

    See the problem here is that the clients are getting the Latest Manager Version which is outdated. How do I get Manager version to be Symantec version?
    Like I said Live update seems to be working,  here is the log
    May 7, 2009 7:34:16 AM EDT: LiveUpdate succeeded. [Site: My Site] [Server: earthquake]



  • 10.  RE: Def versions

    Posted May 07, 2009 11:32 AM
    Sandip, just to let you know.
    There was nothing in the incoming folder, and there were no Settings.LiveUpdate files; there was just one file called settings.
    I did all that, nothing changed, but I guess I will have to wait a while.

    Thanks


  • 11.  RE: Def versions

    Posted May 07, 2009 01:16 PM

    I did everything as mentioned above but no results. Everything still the same.



  • 12.  RE: Def versions

    Posted May 07, 2009 01:32 PM
    In my Download Live update content here is the last download

    Antivirus and antispyware definitions Win64 11.0 MicroDefsB.CurDefs 2009-04-01 rev. 052 April 2, 2009 6:05:02 AM EDT

    and here is my most recent update log

    May 7, 2009 1:27:19 PM EDT: LiveUpdate succeeded. [Site: My Site] [Server: earthquake]
    May 7, 2009 1:27:18 PM EDT: LUALL.EXE finished running. [Site: My Site] [Server: earthquake]
    May 7, 2009 1:27:18 PM EDT: LUALL.EXE finished. There were no new content updates. Return code = 1. [Site: My Site] [Server: earthquake]
    May 7, 2009 1:27:06 PM EDT: LUALL.EXE has been launched. [Site: My Site] [Server: earthquake]
    May 7, 2009 1:27:06 PM EDT: Download started. [Site: My Site] [Server: earthquake]

    So it now seems like update is running but failing to get the most recent defs.

    I did remove and reinstall live update.
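
Added example, not part of the thread or of Symantec's tooling: the posts above show LiveUpdate logging "succeeded" with "no new content updates" while Latest Manager Version trails Latest Symantec Version, so a monitoring check should compare the two version strings rather than trust the log status. The Python below parses the log format quoted in the thread; the function names, verdict labels and the 3-day threshold are assumptions, and the sample log is constructed from the quoted lines.

```python
import re
from datetime import date, datetime

# Constructed sample in the log format quoted in the thread (newest entry first).
SAMPLE_LOG = """\
May 7, 2009 1:27:19 PM EDT: LiveUpdate succeeded. [Site: My Site] [Server: earthquake]
May 7, 2009 1:27:18 PM EDT: LUALL.EXE finished. There were no new content updates. Return code = 1. [Site: My Site] [Server: earthquake]
May 7, 2009 1:27:06 PM EDT: LUALL.EXE has been launched. [Site: My Site] [Server: earthquake]
"""
LINE_RE = re.compile(r"^(?P<ts>\w+ \d{1,2}, \d{4} \d{1,2}:\d{2}:\d{2} [AP]M) \w+: "
                     r"(?P<msg>.*?)\s*\[Site: [^\]]*\] \[Server: [^\]]*\]$")
RC_RE = re.compile(r"Return code = (\d+)")
DEF_RE = re.compile(r"(\d{4})-(\d{2})-(\d{2}) rev[\s.]*(\d+)")

def parse_runs(log_text):
    """One (finish_time, return_code, message) per LUALL.EXE result line, oldest first."""
    runs = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        rc = RC_RE.search(raw)
        if m and rc:  # only result lines carry a return code
            ts = datetime.strptime(m["ts"], "%B %d, %Y %I:%M:%S %p")  # zone label dropped
            runs.append((ts, int(rc.group(1)), m["msg"]))
    return sorted(runs)

def parse_def(version):
    """'2009-05-07 rev.003' -> (date(2009, 5, 7), 3), so versions compare as tuples."""
    m = DEF_RE.search(version)
    if not m:
        raise ValueError(f"unrecognised definition version: {version!r}")
    year, month, day, rev = map(int, m.groups())
    return date(year, month, day), rev

def assess(log_text, latest_symantec, latest_manager, max_lag_days=3):
    """Judge freshness from the version gap, never from 'LiveUpdate succeeded'."""
    runs = parse_runs(log_text)
    sym, mgr = parse_def(latest_symantec), parse_def(latest_manager)
    lag = (sym[0] - mgr[0]).days
    if mgr >= sym or lag <= max_lag_days:
        verdict = "current"
    elif any("error" in msg.lower() for _, _, msg in runs):
        verdict = "stale-update-errors"
    elif runs and all("no new content" in msg.lower() for _, _, msg in runs):
        verdict = "stale-but-reported-success"  # the condition described in this thread
    else:
        verdict = "stale-unknown"
    return {"lag_days": lag, "runs": len(runs), "verdict": verdict}
```

Feeding it the two version strings from the console Home tab together with the server's LiveUpdate log gives an alertable verdict even when every run ends in "LiveUpdate succeeded".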


  • 13.  RE: Def versions

    Posted May 07, 2009 01:48 PM
    I might be a little confused, but from what you have said it would seem that SEPM has not been downloading the latest definitions from either Symantec or wherever you have it pointed to for Live Update.  I have had something similar happen in the past where LU on the server would hang.  I had success both by killing and then relaunching LU from the SEPM Console and also by rebooting the SEPM server.


    Edit - So much for my idea, didn't see your last post til after I posted this



  • 14.  RE: Def versions

    Posted May 07, 2009 02:07 PM

    Are your clients also configured to take the definitions from the liveupdate server of Symantec?

    The first thing that I would try is to re-register the liveupdate with the SEPM in case that is broken.

    "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\bin\LuCatalog.exe" -cleanup

    and then

    "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\bin\LuCatalog.exe" -update

    and then try to launch the liveupdate from within the SEPM to see if it's an issue with only the AV defs or other components as well.

    If that doesn't work out, you can proceed to this doc.

    http://service1.symantec.com/SUPPORT/ent-security.nsf/0/42d86ee0b173113c882574c600734d78?OpenDocument

     



  • 15.  RE: Def versions

    Posted May 07, 2009 02:36 PM

    Sandeep. No, they are only configured to get updates from SEPM.

    I have done all those things you mentioned, no luck

    I just used the jdb file and now all the clients have the current defs, I will have to wait and see what happens when the next update comes out.

     



  • 16.  RE: Def versions

    Posted May 07, 2009 03:32 PM
    Hi,
    Latest Manager Version does not reflect the full status of your manager. It is related only to the AV definitions.
    Let me explain why this is important.
    As you know, SEP is made up of several components (AV, firewall, etc.) and each of them has different definitions.

    If your LiveUpdate is not working at all then all kinds of definitions should be old, and then reinstalling LiveUpdate is a good idea:
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007121216360648

    If only the AV definitions are out of date it means that they are damaged and you have to clean them (apply this procedure really really carefully):
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008041516215948

    Now, to check if you are in the first or in the second situation, open your Manager console > admin > servers > local site > show liveupdate downloads. You will get a table with the revision of all contents. If you see that all of them are not more recent than the AV definitions, it means you are in the first situation; otherwise you are in the second situation.

    In case of doubt, post a screenshot of this table.

    Regards,



  • 17.  RE: Def versions

    Posted May 07, 2009 03:56 PM
    Try to update the manager with a JDB-file.

    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/6a1ab5f037c03e488825736f0010829b?OpenDocument


    1. Download the Intelligent Updater by going to ftp://ftp.symantec.com/public/english_us_canada/antivirus_definitions/symantec_antivirus_corp/jdb/
    2. Select Symantec Endpoint Protection.
    3. Select the *.jdb file specified for Symantec Endpoint Protection 11.0, for example, "vd269027.jdb" and save the file to the desktop of the Symantec Endpoint Protection Manager computer.
    4. After the download is complete, copy the *.jdb file to \Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\content\incoming folder (default install location).
    5. Within 30 seconds to a minute the *.jdb file will process; all files and subfolders are removed from the incoming folder upon processing.

    You can download the JDB-file from here or here (Intelligent Updater).



  • 18.  RE: Def versions

    Posted May 07, 2009 04:12 PM
    @dires_vb: good idea on getting Naar the latest defs, but he already said he has done that : D

    @Naar: I think Giuseppe.Axia's answer of cleaning out bad defs is right. This was the first thing that came into my mind, so try this and let us know how you are coming along.

    Thanks,
    Grant-



  • 19.  RE: Def versions

    Posted May 14, 2009 04:34 PM

    I am following your instructions

    Problems so far.

    1. I do not have the folder, %programfiles%\common files\Symantec Shared\VirusDefs.
    2. When I try to run live update I get
       Lu1823: Another running instance of LiveUpdate was detected, but it is not visible.

    I tried to look for this instance but no luck.

    Now I am really stuck.



  • 20.  RE: Def versions

    Posted May 14, 2009 04:47 PM

    Sorry double post.



  • 21.  RE: Def versions

    Posted May 14, 2009 05:01 PM
    I got through those steps.
    I created the VirusDefs folder restarted the machine then ran Liveupdate, everything went ok...except no new definitions.. same prob.

    Here is live update log.

    May 14, 2009 4:48:08 PM EDT: LiveUpdate retry failed. Will try again. [Site: My Site] [Server: earthquake]
    May 14, 2009 4:48:08 PM EDT: LUALL.EXE finished running. [Site: My Site] [Server: earthquake]
    May 14, 2009 4:48:08 PM EDT: LiveUpdate encountered one or more errors. Return code = 4. [Site: My Site] [Server: earthquake]
    May 14, 2009 4:48:08 PM EDT: LUALL.EXE has been launched. [Site: My Site] [Server: earthquake]
    May 14, 2009 4:48:08 PM EDT: LiveUpdate retry started. [Site: My Site] [Server: earthquake]
    May 14, 2009 4:48:07 PM EDT: LiveUpdate succeeded. [Site: My Site] [Server: earthquake]
    May 14, 2009 4:48:07 PM EDT: LUALL.EXE finished running. [Site: My Site] [Server: earthquake]
    May 14, 2009 4:48:07 PM EDT: LUALL.EXE finished. There were no new content updates. Return code = 1. [Site: My Site] [Server: earthquake]
    May 14, 2009 4:43:20 PM EDT: LUALL.EXE has been launched. [Site: My Site] [Server: earthquake]
    May 14, 2009 4:43:20 PM EDT: Download started. [Site: My Site] [Server: earthquake]


  • 22.  RE: Def versions

    Posted May 14, 2009 05:06 PM
    I am still looking into why you would not have the VirusDefs folder. But the error about the other instance of live update running can sometimes be caused by an older configuration with a different network connection that you no longer use. Make sure you don't have any network connections listed that you no longer use. To do this follow these instructions.

    Go into the Windows Control Panel and open Internet Options.
    Select the Connections tab
    In "Dial-up and Virtual Private Network settings" section, if there are any connection entries listed, verify the legitimacy of each.
    If it is not necessary to keep the connection entry, select and delete the connection, and click OK. This will resolve the issue.
    If it is necessary to keep the connection entry, it must be deleted and manually re-created. You may select the connection and click "Settings," write down the settings, then delete and re-add the connection. Do not use software to re-create the connection (such as a DSL setup program).

    If you don't have any connections that you are not using then this solution won't help and we will have to try something else.
    Cheers,
    Grant



  • 23.  RE: Def versions

    Posted May 14, 2009 05:08 PM
    Never mind that last post now that you got it to work. You beat me to the punch : )


  • 24.  RE: Def versions

    Posted May 14, 2009 05:18 PM
    Have you looked into the possibility of the corrupt definitions on the SEPM like Guiseppe suggested? Also you didn't answer the question yet if it is only Anti-Virus that is outdated (unless I missed it somewhere).

    Grant-



  • 25.  RE: Def versions

    Posted May 14, 2009 05:30 PM
    No, it's all the defs that are outdated.
    And yes, I did everything to the teeth as Guiseppe mentioned.


  • 26.  RE: Def versions

    Posted May 15, 2009 02:55 AM
    Hi, I have the same problem. I have checked all my settings and my SEPM does not seem to update. Since I run an update manually from the admin option and it shows that it completed successfully but my definitions still stay the same when I go into the show downloads option. All the definitions are old.


  • 27.  RE: Def versions

    Posted May 15, 2009 03:15 AM
    How would you reinstall the Liveupdate?


  • 28.  RE: Def versions

    Posted May 15, 2009 03:31 AM
    Please try Start -> Run -> luall on the SEPM server.
    It seems that you do not have a very fast internet channel, so if an error appears, try to run luall several times.


  • 29.  RE: Def versions

    Posted May 15, 2009 03:35 AM
    Hi Christo, have you tried restarting the sepm service?



  • 30.  RE: Def versions

    Posted May 20, 2009 04:59 PM
    Like I said update is running but all the defs are outdated.
    Here is a copy of update log.
    May 20, 2009 1:07:18 PM EDT: LiveUpdate succeeded. [Site: My Site] [Server: earthquake]
    May 20, 2009 1:07:18 PM EDT: LUALL.EXE finished running. [Site: My Site] [Server: earthquake]
    May 20, 2009 1:07:18 PM EDT: LiveUpdate will start next on Wednesday, May 20, 2009 5:07:18 PM EDT on earthquake. [Site: My Site] [Server: earthquake]
    May 20, 2009 1:07:18 PM EDT: LUALL.EXE finished. There were no new content updates. Return code = 1. [Site: My Site] [Server: earthquake]
    May 20, 2009 1:06:56 PM EDT: LUALL.EXE has been launched. [Site: My Site] [Server: earthquake]
    May 20, 2009 1:06:56 PM EDT: LiveUpdate started. [Site: My Site] [Server: earthquake]
    May 20, 2009 9:06:17 AM EDT: LiveUpdate succeeded. [Site: My Site] [Server: earthquake]
    May 20, 2009 9:06:17 AM EDT: LUALL.EXE finished running. [Site: My Site] [Server: earthquake]
    May 20, 2009 9:06:17 AM EDT: LiveUpdate will start next on Wednesday, May 20, 2009 1:06:17 PM EDT on earthquake. [Site: My Site] [Server: earthquake]
    May 20, 2009 9:06:17 AM EDT: LUALL.EXE finished. There were no new content updates. Return code = 1. [Site: My Site] [Server: earthquake]


  • 31.  RE: Def versions

    Posted May 20, 2009 09:41 PM